Matt Jonkman wrote:
What are you using to test bandwidth?
If you're using one of the common online bandwidth testers, those are
most often based on latency seen.
Will and Victor, wouldn't the clam preproc cause some latency jitter?
Matt
carlopmart wrote:
Victor Julien wrote:
carlopmart wrote:
Victor Julien wrote:
carlopmart wrote:
Victor Julien wrote:
carlopmart wrote:
Yes: norm_wscale_max 14
This should be ok. Can you past your entire stream4 config?
It doesn't have to be a stream4inline issue though. The number of sigs,
preprocessors, etc. can also slow things down. Especially the clamav
preproc.
Regards,
Victor
I think that the problem is the clamav preprocessor too, but I didn't
hope that it was so slow ...
What hardware are you using?
My is server is a P4 HT 3.2GHz with 1GB of RAM ...
Normally this hardware should be able to keep up with the connection
even with clamav enabled. I think this hardware should be able to handle
about 10 to 15mbit/s with clamav, although it depends on what else the
box is doing of course. To be sure, could you try to disable clamav and
try again?
Cheers,
Victor
I have tried this Victor, and without clamav preprocessor all works as
expected: bandwidth returns to 310 Kb/s ....
I have do it a very simple test: download a file from here:
http://trumpetti.atm.tut.fi/debian-cd/4.0_r1/i386/iso-cd/debian-40r1-i386-netinst.iso
--
CL Martinez
carlopmart {at} gmail {d0t} com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
